add /forgottenpassword rest api

Author: jrivard

build/checkstyle-suppression.xml

@@ -25,4 +25,5 @@
 
 <suppressions>
     <suppress files="XmlFactoryTest\.xml" checks="[a-zA-Z0-9]*"/>
+    <suppress files="rest.jsp" checks="FileLength"/>
 </suppressions>

server/pom.xml

@@ -192,7 +192,7 @@
         <dependency>
             <groupId>com.github.ldapchai</groupId>
             <artifactId>ldapchai</artifactId>
-            <version>0.7.4</version>
+            <version>0.7.5</version>
         </dependency>
         <dependency>
             <groupId>commons-net</groupId>

server/src/main/java/password/pwm/AppProperty.java

@@ -344,6 +344,8 @@ public enum AppProperty
     TOKEN_REMOVE_ON_CLAIM                           ( "token.removeOnClaim" ),
     TOKEN_VERIFY_PW_MODIFY_TIME                     ( "token.verifyPwModifyTime" ),
     TOKEN_STORAGE_MAX_KEY_LENGTH                    ( "token.storage.maxKeyLength" ),
+    REST_SERVER_FORGOTTEN_PW_TOKEN_DISPLAY          ( "rest.server.forgottenPW.token.display" ),
+    REST_SERVER_FORGOTTEN_PW_RULE_DELIMITER         ( "rest.server.forgottenPW.ruleDelimiter" ),
     TELEMETRY_SENDER_IMPLEMENTATION                 ( "telemetry.senderImplementation" ),
     TELEMETRY_SENDER_SETTINGS                       ( "telemetry.senderSettings" ),
     TELEMETRY_SEND_FREQUENCY_SECONDS                ( "telemetry.sendFrequencySeconds" ),

server/src/main/java/password/pwm/PwmConstants.java

@@ -166,6 +166,7 @@ public abstract class PwmConstants
     public static final String PARAM_RECOVERY_OAUTH_RESULT = "roauthResults";
     public static final String PARAM_SIGNED_FORM = "signedForm";
     public static final String PARAM_USERKEY = "userKey";
+    public static final String PARAM_METHOD_CHOICE = "methodChoice";
 
 
     public static final String COOKIE_PERSISTENT_CONFIG_LOGIN = "CONFIG-AUTH";

server/src/main/java/password/pwm/bean/TokenDestinationItem.java

@@ -23,14 +23,19 @@
 package password.pwm.bean;
 
 import lombok.Builder;
+import lombok.Getter;
 import lombok.Value;
+import password.pwm.AppProperty;
 import password.pwm.PwmApplication;
 import password.pwm.config.Configuration;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.option.MessageSendMethod;
 import password.pwm.error.PwmUnrecoverableException;
+import password.pwm.i18n.Display;
+import password.pwm.i18n.PwmDisplayBundle;
 import password.pwm.ldap.UserInfo;
 import password.pwm.svc.token.TokenDestinationDisplayMasker;
+import password.pwm.util.i18n.LocaleHelper;
 import password.pwm.util.java.StringUtil;
 import password.pwm.util.secure.SecureService;
 
@@ -41,6 +46,7 @@
 import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Optional;
 
@@ -72,21 +78,21 @@ public static Map<PwmSetting, Type> getSettingToDestTypeMap( )
     private String value;
     private Type type;
 
+    @Getter
     public enum Type
     {
-        sms( MessageSendMethod.SMSONLY ),
-        email( MessageSendMethod.EMAILONLY ),;
+        sms( MessageSendMethod.SMSONLY, Display.Button_SMS, Display.Display_RecoverTokenSendChoiceEmail ),
+        email( MessageSendMethod.EMAILONLY, Display.Button_Email, Display.Display_RecoverTokenSendChoiceSMS ),;
 
         private MessageSendMethod messageSendMethod;
+        private PwmDisplayBundle buttonLocalization;
+        private PwmDisplayBundle displayLocalization;
 
-        Type( final MessageSendMethod messageSendMethod )
+        Type( final MessageSendMethod messageSendMethod, final PwmDisplayBundle buttonLocalization, final PwmDisplayBundle displayLocalization )
         {
+            this.buttonLocalization = buttonLocalization;
             this.messageSendMethod = messageSendMethod;
-        }
-
-        public MessageSendMethod getMessageSendMethod( )
-        {
-            return messageSendMethod;
+            this.displayLocalization = displayLocalization;
         }
     }
 
@@ -109,7 +115,7 @@ public static List<TokenDestinationItem> allFromConfig(
                         userInfo.getUserEmailAddress2(),
                         userInfo.getUserEmailAddress3(),
                 }
-                )
+        )
         {
             if ( !StringUtil.isEmpty( emailValue ) )
             {
@@ -130,7 +136,7 @@ public static List<TokenDestinationItem> allFromConfig(
                         userInfo.getUserSmsNumber2(),
                         userInfo.getUserSmsNumber3(),
                 }
-                )
+        )
         {
             if ( !StringUtil.isEmpty( smsValue ) )
             {
@@ -186,4 +192,20 @@ public static List<TokenDestinationItem> stripValues( final List<TokenDestinatio
         }
         return returnList;
     }
+
+    public String longDisplay( final Locale locale, final Configuration configuration )
+    {
+        final Map<String, String> tokens = new HashMap<>();
+        tokens.put( "%LABEL%", LocaleHelper.getLocalizedMessage( locale, getType().getButtonLocalization(), configuration ) );
+        tokens.put( "%MESSAGE%", LocaleHelper.getLocalizedMessage( locale, getType().getDisplayLocalization(), configuration ) );
+        tokens.put( "%VALUE%", this.getDisplay() );
+
+        String output = configuration.readAppProperty( AppProperty.REST_SERVER_FORGOTTEN_PW_TOKEN_DISPLAY );
+        for ( final Map.Entry<String, String> entry : tokens.entrySet() )
+        {
+            output = output.replace( entry.getKey(), entry.getValue() );
+        }
+
+        return output;
+    }
 }

server/src/main/java/password/pwm/config/PwmSetting.java

@@ -1189,17 +1189,16 @@ public enum PwmSetting
 
     ENABLE_EXTERNAL_WEBSERVICES(
             "external.webservices.enable", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.REST_SERVER ),
-    ENABLE_WEBSERVICES_READANSWERS(
-            "webservices.enableReadAnswers", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.REST_SERVER ),
-    PUBLIC_HEALTH_STATS_WEBSERVICES(
-            "webservices.healthStats.makePublic", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.REST_SERVER ),
+    WEBSERVICES_PUBLIC_ENABLE(
+            "webservices.public.enable", PwmSettingSyntax.OPTIONLIST, PwmSettingCategory.REST_SERVER ),
     WEBSERVICES_EXTERNAL_SECRET(
             "webservices.external.secrets", PwmSettingSyntax.NAMED_SECRET, PwmSettingCategory.REST_SERVER ),
     WEBSERVICES_QUERY_MATCH(
             "webservices.queryMatch", PwmSettingSyntax.USER_PERMISSION, PwmSettingCategory.REST_SERVER ),
     WEBSERVICES_THIRDPARTY_QUERY_MATCH(
             "webservices.thirdParty.queryMatch", PwmSettingSyntax.USER_PERMISSION, PwmSettingCategory.REST_SERVER ),
-
+    ENABLE_WEBSERVICES_READANSWERS(
+            "webservices.enableReadAnswers", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.REST_SERVER ),
 
     EXTERNAL_MACROS_DEST_TOKEN_URLS(
             "external.destToken.urls", PwmSettingSyntax.STRING, PwmSettingCategory.REST_CLIENT ),
@@ -1224,6 +1223,10 @@ public enum PwmSetting
 
     // deprecated.
 
+    // deprecated 2019-06-01
+    PUBLIC_HEALTH_STATS_WEBSERVICES(
+            "webservices.healthStats.makePublic", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.REST_SERVER ),
+
     // deprecated 2019-01-20
     PEOPLE_SEARCH_DISPLAY_NAME(
             "peopleSearch.displayName.user", PwmSettingSyntax.STRING, PwmSettingCategory.PEOPLE_SEARCH ),

server/src/main/java/password/pwm/config/option/WebServiceUsage.java

@@ -22,17 +22,47 @@
 
 package password.pwm.config.option;
 
+import password.pwm.ws.server.RestAuthenticationType;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.stream.Collectors;
+
 public enum WebServiceUsage
 {
-    Challenges,
-    CheckPassword,
-    Health,
-    Profile,
-    RandomPassword,
-    SetPassword,
-    SigningForm,
-    Statistics,
-    Status,
-    VerifyOtp,
-    VerifyResponses,
+    Challenges( RestAuthenticationType.NAMED_SECRET, RestAuthenticationType.LDAP ),
+    CheckPassword( RestAuthenticationType.NAMED_SECRET, RestAuthenticationType.LDAP ),
+    ForgottenPassword( RestAuthenticationType.PUBLIC ),
+    Health( RestAuthenticationType.PUBLIC ),
+    Profile( RestAuthenticationType.NAMED_SECRET, RestAuthenticationType.LDAP ),
+    RandomPassword( RestAuthenticationType.PUBLIC, RestAuthenticationType.NAMED_SECRET, RestAuthenticationType.LDAP ),
+    SetPassword( RestAuthenticationType.NAMED_SECRET, RestAuthenticationType.LDAP ),
+    SigningForm( RestAuthenticationType.NAMED_SECRET ),
+    Statistics( RestAuthenticationType.PUBLIC, RestAuthenticationType.NAMED_SECRET, RestAuthenticationType.LDAP ),
+    Status( RestAuthenticationType.NAMED_SECRET, RestAuthenticationType.LDAP ),
+    VerifyOtp( RestAuthenticationType.NAMED_SECRET, RestAuthenticationType.LDAP ),
+    VerifyResponses( RestAuthenticationType.NAMED_SECRET, RestAuthenticationType.LDAP ),;
+
+    private Set<RestAuthenticationType> type;
+
+    WebServiceUsage( final RestAuthenticationType... type )
+    {
+        this.type = type == null ? Collections.emptySet() : Collections.unmodifiableSet( new HashSet<>( Arrays.asList( type ) ) );
+    }
+
+    public Set<RestAuthenticationType> getTypes()
+    {
+        return type;
+    }
+
+    public static Set<WebServiceUsage> forType( final RestAuthenticationType type )
+    {
+        return Collections.unmodifiableSet(
+                Arrays.stream( WebServiceUsage.values() )
+                        .filter( webServiceUsage -> webServiceUsage.getTypes().contains( type ) )
+                        .collect( Collectors.toSet() )
+        );
+    }
 }

server/src/main/java/password/pwm/config/stored/ConfigurationCleaner.java

@@ -27,6 +27,8 @@
 import password.pwm.config.PwmSetting;
 import password.pwm.config.StoredValue;
 import password.pwm.config.option.ADPolicyComplexity;
+import password.pwm.config.option.WebServiceUsage;
+import password.pwm.config.value.OptionListValue;
 import password.pwm.config.value.StringArrayValue;
 import password.pwm.config.value.StringValue;
 import password.pwm.error.PwmUnrecoverableException;
@@ -36,7 +38,9 @@
 
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.Set;
 
 class ConfigurationCleaner
 {
@@ -338,5 +342,18 @@ private void updateDeprecatedSettings( ) throws PwmUnrecoverableException
                 storedConfiguration.resetSetting( PwmSetting.RECOVERY_ENFORCE_MINIMUM_PASSWORD_LIFETIME, profileID, actor );
             }
         }
+
+        if ( !storedConfiguration.isDefaultValue( PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES ) )
+        {
+            LOGGER.warn( "converting deprecated non-default setting "
+                    + PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES.toMenuLocationDebug( null, PwmConstants.DEFAULT_LOCALE )
+                    + " to replacement setting " + PwmSetting.WEBSERVICES_PUBLIC_ENABLE.toMenuLocationDebug( null, PwmConstants.DEFAULT_LOCALE ) );
+            final Set<String> existingValues = (Set<String>) storedConfiguration.readSetting( PwmSetting.WEBSERVICES_PUBLIC_ENABLE ).toNativeObject();
+            final Set<String> newValues = new LinkedHashSet<>( existingValues );
+            newValues.add( WebServiceUsage.Health.name() );
+            newValues.add( WebServiceUsage.Statistics.name() );
+            storedConfiguration.writeSetting( PwmSetting.WEBSERVICES_PUBLIC_ENABLE, null, new OptionListValue( newValues ), actor );
+            storedConfiguration.resetSetting( PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES, null, actor );
+        }
     }
 }

server/src/main/java/password/pwm/cr/CrChallengeItemBean.java

@@ -22,69 +22,46 @@
 
 package password.pwm.cr;
 
+import com.novell.ldapchai.cr.Challenge;
+import com.novell.ldapchai.cr.bean.ChallengeBean;
+import lombok.Builder;
+import lombok.Value;
+
 import java.io.Serializable;
 
-public class CrChallengeItemBean implements Serializable
+@Value
+@Builder
+public class CrChallengeItemBean implements Serializable, Challenge
 {
-    public String challengeText;
-    public int minLength;
-    public int maxLength;
-    public boolean adminDefined;
-    public boolean required;
-    public int maxQuestionCharsInAnswer;
-    public boolean enforceWordlist;
-
-    public CrChallengeItemBean(
-            final String challengeText,
-            final int minLength,
-            final int maxLength,
-            final boolean adminDefined,
-            final boolean required,
-            final int maxQuestionCharsInAnswer,
-            final boolean enforceWordlist
-    )
-    {
-        this.challengeText = challengeText;
-        this.minLength = minLength;
-        this.maxLength = maxLength;
-        this.adminDefined = adminDefined;
-        this.required = required;
-        this.maxQuestionCharsInAnswer = maxQuestionCharsInAnswer;
-        this.enforceWordlist = enforceWordlist;
-    }
-
-    public String getChallengeText( )
-    {
-        return challengeText;
-    }
-
-    public int getMinLength( )
-    {
-        return minLength;
-    }
+    private String challengeText;
+    private int minLength;
+    private int maxLength;
+    private boolean adminDefined;
+    private boolean required;
+    private int maxQuestionCharsInAnswer;
+    private boolean enforceWordlist;
 
-    public int getMaxLength( )
+    @Override
+    public boolean isLocked()
     {
-        return maxLength;
+        return true;
     }
 
-    public boolean isAdminDefined( )
+    @Override
+    public void lock()
     {
-        return adminDefined;
-    }
 
-    public boolean isRequired( )
-    {
-        return required;
     }
 
-    public int getMaxQuestionCharsInAnswer( )
+    @Override
+    public void setChallengeText( final String challengeText )
     {
-        return maxQuestionCharsInAnswer;
+        throw new IllegalStateException();
     }
 
-    public boolean isEnforceWordlist( )
+    @Override
+    public ChallengeBean asChallengeBean()
     {
-        return enforceWordlist;
+        throw new IllegalStateException();
     }
 }